Total
4092 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-41889 | 1 Google | 1 Tensorflow | 2025-04-22 | 5.5 Medium |
| TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a `nullptr`, which is not caught. An example can be seen in `tf.compat.v1.extract_volume_patches` by passing in quantized tensors as input `ksizes`. We have patched the issue in GitHub commit e9e95553e5411834d215e6770c81a83a3d0866ce. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | ||||
| CVE-2022-41909 | 1 Google | 1 Tensorflow | 2025-04-22 | 4.8 Medium |
| TensorFlow is an open source platform for machine learning. An input `encoded` that is not a valid `CompositeTensorVariant` tensor will trigger a segfault in `tf.raw_ops.CompositeTensorVariantToComponents`. We have patched the issue in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and 660ce5a89eb6766834bdc303d2ab3902aef99d3d. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | ||||
| CVE-2024-57435 | 1 Macrozheng | 1 Mall-tiny | 2025-04-22 | 6.5 Medium |
| In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface resulting in a null pointer dereference occurring in all subsequent operations that require authentication, which triggers a denial-of-service attack and service restart failure. | ||||
| CVE-2022-3108 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-22 | 5.5 Medium |
| An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup(). | ||||
| CVE-2022-3107 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-22 | 5.5 Medium |
| An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference. | ||||
| CVE-2022-3105 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-22 | 5.5 Medium |
| An issue was discovered in the Linux kernel through 5.16-rc6. uapi_finalize in drivers/infiniband/core/uverbs_uapi.c lacks check of kmalloc_array(). | ||||
| CVE-2024-50608 | 1 Treasuredata | 1 Fluent Bit | 2025-04-22 | 7.5 High |
| An issue was discovered in Fluent Bit 3.1.9. When the Prometheus Remote Write input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user (with access to the endpoint) to perform a remote Denial of service attack. The crash happens because of a NULL pointer dereference when 0 (from the Content-Length) is passed to the function cfl_sds_len, which in turn tries to cast a NULL pointer into struct cfl_sds. This is related to process_payload_metrics_ng() at prom_rw_prot.c. | ||||
| CVE-2024-50609 | 1 Treasuredata | 1 Fluent Bit | 2025-04-22 | 7.5 High |
| An issue was discovered in Fluent Bit 3.1.9. When the OpenTelemetry input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user (with access to the endpoint) to perform a remote Denial of service attack. The crash happens because of a NULL pointer dereference when 0 (from the Content-Length) is passed to the function cfl_sds_len, which in turn tries to cast a NULL pointer into struct cfl_sds. This is related to process_payload_traces_proto_ng() at opentelemetry_prot.c. | ||||
| CVE-2022-3115 | 1 Linux | 1 Linux Kernel | 2025-04-22 | 5.5 Medium |
| An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of the return value of kzalloc() and will cause the null pointer dereference. | ||||
| CVE-2022-3114 | 1 Linux | 1 Linux Kernel | 2025-04-22 | 5.5 Medium |
| An issue was discovered in the Linux kernel through 5.16-rc6. imx_register_uart_clocks in drivers/clk/imx/clk.c lacks check of the return value of kcalloc() and will cause the null pointer dereference. | ||||
| CVE-2022-3113 | 1 Linux | 1 Linux Kernel | 2025-04-22 | 5.5 Medium |
| An issue was discovered in the Linux kernel through 5.16-rc6. mtk_vcodec_fw_vpu_init in drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_vpu.c lacks check of the return value of devm_kzalloc() and will cause the null pointer dereference. | ||||
| CVE-2022-3112 | 1 Linux | 1 Linux Kernel | 2025-04-22 | 5.5 Medium |
| An issue was discovered in the Linux kernel through 5.16-rc6. amvdec_set_canvases in drivers/staging/media/meson/vdec/vdec_helpers.c lacks check of the return value of kzalloc() and will cause the null pointer dereference. | ||||
| CVE-2022-3111 | 1 Linux | 1 Linux Kernel | 2025-04-22 | 5.5 Medium |
| An issue was discovered in the Linux kernel through 5.16-rc6. free_charger_irq() in drivers/power/supply/wm8350_power.c lacks free of WM8350_IRQ_CHG_FAST_RDY, which is registered in wm8350_init_charger(). | ||||
| CVE-2022-3110 | 1 Linux | 1 Linux Kernel | 2025-04-22 | 5.5 Medium |
| An issue was discovered in the Linux kernel through 5.16-rc6. _rtw_init_xmit_priv in drivers/staging/r8188eu/core/rtw_xmit.c lacks check of the return value of rtw_alloc_hwxmits() and will cause the null pointer dereference. | ||||
| CVE-2022-3106 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-22 | 5.5 Medium |
| An issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats in drivers/net/ethernet/sfc/ef100_nic.c lacks check of the return value of kmalloc(). | ||||
| CVE-2025-43966 | 2025-04-21 | 2.9 Low | ||
| libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc. | ||||
| CVE-2025-43967 | 2025-04-21 | 2.9 Low | ||
| libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item. | ||||
| CVE-2021-22570 | 6 Debian, Fedoraproject, Google and 3 more | 11 Debian Linux, Fedora, Protobuf and 8 more | 2025-04-21 | 6.5 Medium |
| Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater. | ||||
| CVE-2023-40032 | 2 Fedoraproject, Libvips | 2 Fedora, Libvips | 2025-04-21 | 5.5 Medium |
| libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade to libvips version 8.14.4 (or later) when processing untrusted input. | ||||
| CVE-2022-41279 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2025-04-21 | 3.3 Low |
| A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | ||||